seccomp: add clone syscall definitions for mips (#5880)

Also updates the documentation and adds a mention of ppc64 support
which was enabled by #5325.

Tested on Debian mipsel and mips64el. The other 4 mips architectures
should have an identical user <-> kernel ABI to one of the 2 tested
systems.

2 files changed, 7 insertions, 1 deletions

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 2631856563..bc8eaabab2 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -804,6 +804,12 @@ int seccomp_restrict_namespaces(unsigned long retain) {
                 case SCMP_ARCH_X32:
                 case SCMP_ARCH_PPC64:
                 case SCMP_ARCH_PPC64LE:
+                case SCMP_ARCH_MIPS:
+                case SCMP_ARCH_MIPSEL:
+                case SCMP_ARCH_MIPS64:
+                case SCMP_ARCH_MIPSEL64:
+                case SCMP_ARCH_MIPS64N32:
+                case SCMP_ARCH_MIPSEL64N32:
                         clone_reversed_order = 0;
                         break;
 
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index b56ac3f763..468be19f05 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -92,7 +92,7 @@ int seccomp_memory_deny_write_execute(void);
 #endif
 
 /* we don't know the right order of the clone() parameters except for these archs, for now */
-#if defined(__x86_64__) || defined(__i386__) || defined(__s390x__) || defined(__s390__) || defined(__powerpc64__)
+#if defined(__x86_64__) || defined(__i386__) || defined(__s390x__) || defined(__s390__) || defined(__powerpc64__) || defined(__mips__)
 #define SECCOMP_RESTRICT_NAMESPACES_BROKEN 0
 #else
 #define SECCOMP_RESTRICT_NAMESPACES_BROKEN 1